Sunday, April 18, 2010

21. Authentication Protocols

Authentication is the process of verifying the credentials of a user. In the case of remote access, the user connecting remotely must present one or more sets of credentials to get access to the Remote Access Server. Once the Remote Access Server authenticates the user, further access to network resources is governed and limited by the permissions set on those resources as they apply to the remote user.

The following are commonly used authentication protocols for remote access:

Challenge Handshake Authentication Protocol (CHAP)
CHAP is very commonly used for remote access. When the remote link is established, the user is sent a challenge text. The remote user responds with the shared secret in hashed form, computed with the MD5 hashing algorithm. The user is authenticated only if the secret matches the one stored on the Remote Access Server. CHAP periodically verifies the identity of the user by sending challenge text at random times during the connection.

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
MS-CHAP is Microsoft’s implementation of the CHAP authentication protocol used on Windows systems. It is a password-based authentication mechanism that is more secure than CHAP. The original MS-CHAP, the earlier version that preceded MS-CHAPv2, supports only one-way authentication. MS-CHAPv2 supports two-way authentication in which both client and server authenticate each other using encrypted passwords.

Password Authentication Protocol (PAP)
PAP is the oldest and most basic form of authentication in which the username and password are transmitted in clear text over the dial-up network. The transmissions are unencrypted and insecure.

Extensible Authentication Protocol (EAP)
EAP is the most secure of all authentication mechanisms. It enables the use of a variety of encryption methods for remote access, VPN, and wired and wireless LANs. It supports the use of smart cards for secure authentication.



Shiva Password Authentication Protocol (SPAP)
SPAP is used for authentication to Shiva Remote Access Servers. This protocol is more secure than PAP but not as secure as CHAP, MS-CHAP, or EAP.
